using System;
using System.Threading;
using NUnit.Framework;
using SmartPeople.Framework.SecuritySpace.Tests;

namespace SmartPeople.Framework.SecuritySpace.Provider.Tests
{
    [TestFixture]
    public class SecurityUserTests
    {
        //SUser_001
        [Test, Description("Reset the password to random by ResetPassword Method")]
        public void ResetPassword()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            securitySpace.Users.DeleteUser("User1");

            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1susr009@acme.com",
                                               "What is your madien name?", "Maggie", true, "test user1");
            string newPassword = user1.ResetPassword();

            Assert.IsTrue(Validate(newPassword));

            securitySpace.Clear();
        }

        //SUser_002
        [Test, Description("Reset the password with ResetPassword(string passwordAnswer)")]
        public void ResetPasswordWithPasswordAnswer()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();
            securitySpace.Users.DeleteUser("User1");

            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1susr009@acme.com",
                                               "What is your madien name?", "Maggie", true, "test user1");


            string newPassword = user1.ResetPassword("Maggie");

            Assert.IsTrue(Validate(newPassword));

            securitySpace.Clear();
        }


        //SUser_002
        [Test, Description("Reset the password with ResetPassword(string passwordAnswer)")]
        public void UserSignOut()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();
            securitySpace.Users.DeleteUser("User1");

            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1susr009@acme.com",
                                               "What is your madien name?", "Maggie", true, "test user1");


            IToken currentToken = securitySpace.Users.Authenticate(TestUsers.User1, TestUsers.User1Password);
            ISecurityUser user = securitySpace.Users.GetUser(currentToken, true);
            
            securitySpace.Users.SignOut(currentToken);

            Assert.IsFalse(user.IsOnline);
            Assert.AreNotEqual(currentToken, user.SessionID);


            securitySpace.Clear();
        }


        public void TestUserTimeOut()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();
            securitySpace.Users.DeleteUser("User1");

            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1susr009@acme.com",
                                               "What is your madien name?", "Maggie", true, "test user1");


            IToken currentToken = securitySpace.Users.Authenticate(TestUsers.User1, TestUsers.User1Password);
            ISecurityUser user = securitySpace.Users.GetUser(currentToken, true);
            
            //DateTime LA = user.LastActivityDate;
            Thread.Sleep(1000);
            
            //double TimeSpent = DateDiff("minute", LA, DateTime.Now);
            //if (TimeSpent > SecurityPolicy.GetTimeOut())
            //{
            //    securitySpace.Users.SignOut(currentToken);
            //}
            ISecurityUser user2 = securitySpace.Users.GetUser(TestUsers.User1);
            Assert.AreEqual(false, user2.IsOnline);
            Assert.AreNotEqual(currentToken, user2.SessionID);
        }

        private double DateDiff(string howtocompare, DateTime startDate, DateTime endDate)
        {
            double diff = 0;
            TimeSpan TS = new TimeSpan(endDate.Ticks - startDate.Ticks);

            switch (howtocompare.ToLower())
            {
                case "year":
                    diff = Convert.ToDouble(TS.TotalDays/365);
                    break;
                case "month":
                    diff = Convert.ToDouble((TS.TotalDays/365)*12);
                    break;
                case "day":
                    diff = Convert.ToDouble(TS.TotalDays);
                    break;
                case "hour":
                    diff = Convert.ToDouble(TS.TotalHours);
                    break;
                case "minute":
                    diff = Convert.ToDouble(TS.TotalMinutes);
                    break;
                case "second":
                    diff = Convert.ToDouble(TS.TotalSeconds);
                    break;
            }

            return diff;
        }

        //SUser_003
        [Test, Description("Lock a user then call unlock")]
        public void LockAndUnLockUser()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();
            securitySpace.Users.DeleteUser("User1");

            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1susr009@acme.com",
                                               "What is your madien name?", "Maggie", true, "test user1");
            user1.IsLockedOut = true;
            securitySpace.Users.UpdateUser(user1);
            bool IsUserLockedOut1 = securitySpace.Users.GetUser(TestUsers.User1).IsLockedOut;
            Assert.IsTrue(IsUserLockedOut1);

            user1.UnlockUser();
            bool IsUserLockedOut2 = securitySpace.Users.GetUser(TestUsers.User1).IsLockedOut;
            Assert.IsFalse(IsUserLockedOut2);

            securitySpace.Users.UpdateUser(user1);

            securitySpace.Users.DeleteUser("User1");

            securitySpace.Clear();
        }


        //SUser_004
        [Test, Description("User logs in with new password changed by admin")]
        public void UserIsLockedOutAfterThreeWrongPasswordTries()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Users.Clear();
            securitySpace.Users.DeleteUser("User1");
            ISecurityUser user1 =
                securitySpace.Users.CreateUser(TestUsers.User1, TestUsers.User1Password, "user1suser0010@acme.com");
            Assert.IsNotNull(user1);
            string SavedUserName = securitySpace.Users.GetUser(user1.UserName).UserName;
            Assert.AreEqual(user1.UserName, SavedUserName);
            Assert.AreEqual(1, securitySpace.Users.Count);
            //approve user
            user1.IsApproved = true;
            //change password
            user1.ChangePassword(TestUsers.User1Password, "john123Z");
            IToken token;
            //incorrect passsword try one
            token = securitySpace.Users.Authenticate(TestUsers.User1, "john123Z1");
            Assert.IsNull(token);
            //incorrect passsword try one
            token = securitySpace.Users.Authenticate(TestUsers.User1, "john123qw1");
            Assert.IsNull(token);
            //incorrect passsword try one
            token = securitySpace.Users.Authenticate(TestUsers.User1, "john123qsdw1");
            Assert.IsNull(token);
            //user is now locked out
            bool IsUserLockedOut = securitySpace.Users.GetUser(user1.UserName).IsLockedOut;
            Assert.IsTrue(IsUserLockedOut);
            //user tries correct password
            token = securitySpace.Users.Authenticate(TestUsers.User1, "john123Z");
            Assert.IsNull(token);


            securitySpace.Users.DeleteUser("User1");
            securitySpace.Clear();
        }


        /// <remarks>
        /// Does not cover hasConsecutive = false + hasRepeating = false + ExcludeSymbols = true
        /// Eg.XUaQloTNB
        /// Can go into cont loop.
        /// </remarks>
        public bool Validate(string password)
        {
            int iCount = 0;
            int minSize = 0;
            int maxSize = 10;
            bool hasConsecutive = true;
            bool hasRepeating = true;
            string Exclusions = "";
            bool ExcludeSymbols = true;
            const int UBoundDigit = 61;
            char[] pwdCharArray =
                "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`~!@#$%^&*()-_=+[]{}\\|;:'\",<.>/?".
                    ToCharArray();

            if (password.Length < minSize || password.Length > maxSize)
                return (false);

            // check for Consecutive characters

            if (!hasConsecutive) // cannot have consecutive characters
            {
                for (iCount = 0; iCount < password.Length - 1; iCount++)
                {
                    if (password[iCount] == password[iCount + 1])
                        return (false);
                }
            }


            if (!hasRepeating) // cannot have repeating characters
            {
                for (iCount = 0; iCount < password.Length; iCount++)
                {
                    int index = password.IndexOf(password[iCount]);
                    while (index != -1)
                    {
                        if (index != iCount)
                            return (false);
                        index = password.IndexOf(password[iCount]);
                    }
                }
            }


            if (Exclusions != null) // cannot have characters from exclusion string
            {
                for (iCount = 0; iCount < password.Length; iCount++)
                {
                    if (Exclusions.IndexOf(password[iCount]) != -1)
                        return (false);
                }
            }


            if (ExcludeSymbols) // cannot contain 'symbols'
            {
                for (iCount = UBoundDigit; iCount < pwdCharArray.GetUpperBound(0); iCount++)
                {
                    if (password.IndexOf(pwdCharArray[iCount]) != -1)
                        return (false);
                }
            }

            return (true);
        }


        //SecPerm_004
        [Test, Description("Check full control on a type for a user using token")]
        public void CheckFullControlForAUserViaUserToken()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx2");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);

            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);

            securitySpace.Roles.CreateRole(TestRoles.Users);
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            ISecurityRole roleOperators = securitySpace.Roles.GetRole(TestRoles.Users);
            string genderPath = commonPath + "/Gender";
            securitySpace.SecurityPermissions.CreatePermission(roleOperators.GID, securedDocument.GID, AccessType.Allow);
            IToken usertoken = securitySpace.Users.Authenticate("user1", "password1");
            bool authorized;
            authorized = securitySpace.IsUserGranted(usertoken, genderPath, TestActions.Delete, "");
            Assert.IsTrue(authorized);

            securitySpace.Clear();
        }

        //SecPerm_005
        [Test, Description("Grant control on above folder only for a user")]
        public void CheckFullControlAUserViaTokenOneUp()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx3");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);

            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);

            securitySpace.Roles.CreateRole(TestRoles.Users);
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            ISecurityRole roleOperators = securitySpace.Roles.GetRole(TestRoles.Users);
            string genderPath = commonPath + "/Gender";
            securitySpace.SecurityPermissions.CreatePermission(roleOperators.GID, securedDocument.GID, AccessType.Allow);
            IToken usertoken = securitySpace.Users.Authenticate("user1", "password1");
            bool authorized;
            authorized = securitySpace.IsUserGranted(usertoken, commonPath, TestActions.Delete, "");
            Assert.IsTrue(authorized);

            securitySpace.Clear();
        }


        //SecPerm_008
        [Test]
        public void CheckFullControlViaUserTokenOneForTwoUserSamePaths()
        {
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx4");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            securitySpace.Roles.CreateRole(TestRoles.Users);
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            securitySpace.Users.CreateUser("user2", "password2", "user2@acme.com", "What is you fathers middle name?",
                                           "Douglas", true, "user2 comment");

            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            securitySpace.Roles.AddUsersToRoles(new string[] {"user2"}, new string[] {TestRoles.Users});
            ISecurityRole roleOperators = securitySpace.Roles.GetRole(TestRoles.Users);
            string genderPath = commonPath + "/Gender";
            securitySpace.SecurityPermissions.CreatePermission(roleOperators.GID, securedDocument.GID, AccessType.Allow);
            IToken user1token = securitySpace.Users.Authenticate("user1", "password1");
            bool authorized1 = securitySpace.IsUserGranted(user1token, genderPath, TestActions.Delete, "");
            Assert.IsTrue(authorized1);
            IToken user2token = securitySpace.Users.Authenticate("user2", "password2");
            bool authorized2 = securitySpace.IsUserGranted(user2token, genderPath, TestActions.Delete, "");
            Assert.IsTrue(authorized2);

            securitySpace.Clear();
        }

        //SecPerm_009
        [Test, Description("Check if user has action on folder")]
        public void CheckIfUserHasRightToDeleteOnFolderViaRole()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            //create type folder
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx5");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            //grand role permission on document path
            ISecurityPermissions securityPermissions = TestsHelper.GetSecurityPermissions();
            Guid RoleGuid = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid DocGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            securityPermissions.CreatePermission(RoleGuid, DocGuid, AccessType.Allow);
            //check
            authorized =
                securityPermissions.IsGranted(RoleGuid, DocGuid);
            Assert.IsTrue(authorized);
            //create user
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            //add user to this role
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            //authenticate user
            IToken user1token = securitySpace.Users.Authenticate("user1", "password1");
            //check if user has permission for delete on path
            bool authorized1 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Delete, "");
            Assert.IsTrue(authorized1);

            securitySpace.Clear();
        }

        //TODO: Review implications of SecPerm_011 test.
        //SecPerm_011
        [Test, Description("Check if user has action on folder")]
        public void CheckIfUserDoesNotHasRightToDeleteOnFolderWithStateViaRole()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            //create type folder
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx6");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            folderType.States.CreateState(TestStates.New);
            //save the above
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            //we need to specify that Common is also folder type
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath, "folderx6", "folderx6");
            //            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            //grand role permission on document path
            ISecurityPermissions securityPermissions = TestsHelper.GetSecurityPermissions();
            Guid RoleID = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid DocID = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            Guid ActionID = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Create);
            Guid StateID = securitySpace.SecuredDocuments.GetDocument(commonPath).GetStateID(TestStates.New);

            securityPermissions.CreatePermission(RoleID, DocID, ActionID, StateID, AccessType.Allow);
            //create user
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            //add user to this role
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            //authenticate user
            IToken user1token = securitySpace.Users.Authenticate("user1", "password1");
            //check if user has permission for delete on path
            bool authorized1 =
                securitySpace.IsUserGranted(user1token, commonPath, TestActions.Delete, TestStates.ReadOnly);
            Assert.IsFalse(authorized1);

            securitySpace.Clear();
        }


        //SecPerm_012
        [Test]
        public void UserCannotDoActionAfterRevoke()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();


            //create type folder
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx7");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            folderType.States.CreateState(TestStates.New);
            //save the above
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            //grand role permission on document path
            ISecurityPermissionsProvider securityPermissionProvider = TestsHelper.GetSecurityPermissions();
            Guid userRoleID = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid DocGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            Guid ActionGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Create);
            Guid StateGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetStateID(TestStates.New);
            securityPermissionProvider.CreatePermission(userRoleID, DocGuid, ActionGuid, StateGuid, AccessType.Allow);
            AccessType userAccessType;
            userAccessType = securityPermissionProvider.GetAccessType(userRoleID, DocGuid, ActionGuid, StateGuid);
            Assert.AreEqual(AccessType.Allow, userAccessType);
            ISecurityPermission securityPermission =
                securityPermissionProvider.GetPermission(userRoleID, DocGuid, ActionGuid, StateGuid);
            securityPermissionProvider.DeletePermission(securityPermission.GID);
            //check if user has permission for delete on path
            userAccessType = securityPermissionProvider.GetAccessType(userRoleID,
                                                                      DocGuid,
                                                                      ActionGuid,
                                                                      StateGuid);
            //if not access type was found then return inherited access type
            Assert.AreEqual(AccessType.Inherited, userAccessType);

            securitySpace.Clear();
        }


        //SecPerm_014
        [Test, Description("Update a user permission")]
        public void UpdateUserPermission()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            //create type folder
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx8");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            folderType.States.CreateState(TestStates.New);
            //save the above
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //set the default path
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            ISecurityPermissionsProvider securityPermissionProvider = TestsHelper.GetSecurityPermissions();
            //get role
            Guid userRoleID = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid docGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            Guid actionGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Create);
            Guid statGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetStateID(TestStates.New);
            //create permission for action= create state = new allow
            securityPermissionProvider.CreatePermission(userRoleID, docGuid, actionGuid, statGuid, AccessType.Allow);
            AccessType userAccessType;
            //get access type
            userAccessType = securityPermissionProvider.GetAccessType(userRoleID, docGuid, actionGuid, statGuid);
            //confirm
            Assert.AreEqual(AccessType.Allow, userAccessType);
            //get the permission
            ISecurityPermission securityPermission =
                securityPermissionProvider.GetPermission(userRoleID, docGuid, actionGuid, statGuid);
            Guid actionGuid1 = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Delete);
            securityPermission.ActionID = actionGuid1;
            securityPermissionProvider.UpdatePermission(securityPermission);
            ISecurityPermission securityPermission1 =
                securityPermissionProvider.GetPermission(userRoleID, docGuid, actionGuid1, statGuid);
            //check if it has what every inherited permission
            Assert.AreEqual(actionGuid1, securityPermission1.ActionID);
            securitySpace.Clear();
        }

        //SecPerm_015
        [Test, Description("Create two permissions , But delete on specfic permission")]
        public void AssignTwoPermissionsViaUsers()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();

            //create type folder
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx9");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Read);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Modify);
            folderType.Actions.CreateAction(TestActions.Delete);
            folderType.States.CreateState(TestStates.New);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath, "folderx9", "folderx9");
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            //grand role permission on document path
            ISecurityPermissions securityPermissions = TestsHelper.GetSecurityPermissions();
            Guid roleGuid = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid docGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            Guid actionGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Delete);
            Guid actionGuid1 = securitySpace.SecuredDocuments.GetDocument(commonPath).GetActionID(TestActions.Create);
            Guid stateGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GetStateID(TestStates.New);
            securityPermissions.CreatePermission(roleGuid, docGuid, actionGuid, stateGuid, AccessType.Allow);
            securityPermissions.CreatePermission(roleGuid, docGuid, actionGuid1, stateGuid, AccessType.Allow);
            //check
            //authorized = securityPermissions.IsGranted(roleGuid, docGuid);
            //Assert.IsTrue(authorized);
            //create user
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            //add user to this role
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});
            //authenticate user
            IToken user1token = securitySpace.Users.Authenticate("user1", "password1");
            //check if user has permission for delete on path
            bool authorized1 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Delete, TestStates.New);
            Assert.IsTrue(authorized1);
            bool authorized2 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Create, TestStates.New);
            Assert.IsTrue(authorized2);
            securitySpace.SecurityPermissions.DeletePermission(roleGuid, docGuid, actionGuid, stateGuid);
            bool authorized3 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Delete, TestStates.New);
            Assert.IsFalse(authorized3);
            bool authorized4 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Create, TestStates.New);
            Assert.IsTrue(authorized4);

            securitySpace.Clear();
        }


        [Test, Description("")]
        public void AssignUserToCreatedRoleThenClearPermissionCheckUserHasRights()
        {
            bool authorized = true;
            ISecuritySpace securitySpace = TestsHelper.GetSecuritySpace();
            securitySpace.Clear();
            ISecuritySecuredType folderType = securitySpace.SecuredTypes.CreateType("folderx10");
            folderType.Actions.CreateAction(TestActions.List);
            folderType.Actions.CreateAction(TestActions.Create);
            folderType.Actions.CreateAction(TestActions.Delete);
            securitySpace.SecuredDocuments.SetDefaultPathType(folderType);
            securitySpace.SecuredDocuments.SetDefaultDocumentType(folderType);
            ISecuritySecuredDocument securedDocument;
            string commonPath = "/ACME/TA/Common";
            securedDocument = securitySpace.SecuredDocuments.CreatePath(commonPath);
            securitySpace.SecuredTypes.UpdateSecuredType(folderType);
            //create role
            securitySpace.Roles.CreateRole(TestRoles.Users);
            //grand role permission on document path
            ISecurityPermissions securityPermissions = TestsHelper.GetSecurityPermissions();
            Guid RoleGuid = securitySpace.Roles.GetRole(TestRoles.Users).GID;
            Guid DocGuid = securitySpace.SecuredDocuments.GetDocument(commonPath).GID;
            securityPermissions.CreatePermission(RoleGuid, DocGuid, AccessType.Allow);
            //check
            authorized =
                securityPermissions.IsGranted(RoleGuid, DocGuid);
            Assert.IsTrue(authorized);
            //create user
            securitySpace.Users.CreateUser("user1", "password1", "user1@acme.com", "What is you fathers middle name?",
                                           "Smith", true, "user1 comment");
            //add user to this role
            securitySpace.Roles.AddUsersToRoles(new string[] {"user1"}, new string[] {TestRoles.Users});

            securitySpace.SecurityPermissions.Clear();

            Assert.AreEqual(0, securitySpace.SecurityPermissions.Count);

            IToken user1token = securitySpace.Users.Authenticate("user1", "password1");
            //check if user has permission for delete on path
            bool authorized1 = securitySpace.IsUserGranted(user1token, commonPath, TestActions.Delete, "");
            Assert.IsFalse(authorized1);

            securitySpace.Clear();
        }
    }
}